/*
* Licensed under the MIT License
* 
* Copyright (c) 2010 Kay Kreuning
* 
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
* 
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* 
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
* 
* http://code.google.com/p/as3hyvesapi
*/
package nl.hyves.api.authorization
{
	import flash.events.Event;
	import flash.external.ExternalInterface;
	import flash.net.URLLoader;
	import flash.net.URLRequest;
	
	import nl.hyves.api.methods.PublicMethods;
	import nl.hyvesstudio.oauth.Accesstoken;
	import nl.hyvesstudio.oauth.IOAuthService;
	import nl.hyvesstudio.oauth.authorization.IAuthorizer;
	
	/**
	 * This class can be used in combination with the oauthBridje.js javascript to let the user authorize through a (javascript) popup.
	 * Note that the (page containing the) oauthBridge.js file must be accessible to the user.
	 * 
	 * @author Kay Kreuning
	 */
	public class PopupAuthorizer implements IAuthorizer
	{
		/** Default expiration, valid for 6 hours */
		public static const EXPIRATIONTYPE_DEFAULT:String = "default";
		
		/** No expiration */
		public static const EXPIRATIONTYPE_INFINITE:String = "infinite";
		
		/** The user chooses the expiredate */
		public static const EXPIRATIONTYPE_USER:String = "user";
		
		private const API_ENDPOINT:String = "http://data.hyves-api.nl/";
		private const AUTHORIZE_ENDPOINT:String = "http://www.hyves.nl/api/authorize/";
		
		private var callbackURL:String;
		private var methods:Array;
		private var expirationType:String;
		private var oauthService:IOAuthService;
		
		/**
		 * Create a new PopupAuthorizer instance.
		 * 
		 * @param callbackURL the page where the oauthBridge.js file is contained on
		 * @param methods Methods to authorize
		 * @param expirationType time the token will be valid
		 */
		public function PopupAuthorizer(callbackURL:String, methods:Array, expirationType:String = EXPIRATIONTYPE_DEFAULT)
		{
			this.callbackURL = callbackURL;
			this.methods = methods;
			this.expirationType = expirationType;
		}
		
		/** @inheritDoc */
		public function authorize(oauthService:IOAuthService):void
		{
			this.oauthService = oauthService;
			
			oauthService.accesstoken = null;
			
			var request:URLRequest = oauthService.createURLRequest(
				API_ENDPOINT,
				{
					ha_method: PublicMethods.auth_requesttoken,
					methods: methods.join(","),
					expirationtype: expirationType
				});
			
			var loader:URLLoader = new URLLoader(request);
			loader.addEventListener(Event.COMPLETE, onRequestComplete, false, 0, true);
		}
		
		private function onRequestComplete(event:Event):void
		{
			event.target.removeEventListener(Event.COMPLETE, onRequestComplete);
			
			var response:XML = new XML(event.target.data);
			
			var token:Accesstoken = new Accesstoken(
				response.oauth_token.toString(),
				response.oauth_token_secret.toString()
				);
			
			oauthService.accesstoken = token;
			
			var url:String = AUTHORIZE_ENDPOINT + 
				"?oauth_token=" + encodeURIComponent(token.token) +
				"&oauth_callback=" + encodeURIComponent(callbackURL);
			
			if (ExternalInterface.available)
			{
				ExternalInterface.addCallback("setVerifier", onRequesttokenAuthorized);
				ExternalInterface.call("OAuthBridge.callAuthorize", url);
			}
			else
			{
				// TODO: Throw errors when ExternalInterface is not available.
			}
			
			// TODO: Do somethinf when the user declines.
		}
		
		private function onRequesttokenAuthorized(response:String):void
		{
			var token:String = decodeURIComponent(response.match(/(?<=oauth_token).*(?=&oauth_verifier)/g)[0]);
			var verifier:String = decodeURIComponent(response.match(/(?<=oauth_verifier=)\w+/g)[0]);
			
			var request:URLRequest = oauthService.createURLRequest(
				API_ENDPOINT,
				{
					ha_method: PublicMethods.auth_accesstoken,
					oauth_token: token,
					oauth_verifier: verifier
				});
			
			var loader:URLLoader = new URLLoader(request);
			loader.addEventListener(Event.COMPLETE, onAccesstokenComplete, false, 0, true);
		}
		
		private function onAccesstokenComplete(event:Event):void
		{
			event.target.removeEventListener(Event.COMPLETE, onAccesstokenComplete);
			
			var response:XML = new XML(event.target.data);
			
			oauthService.accesstoken = new Accesstoken(
				response.oauth_token.toString(),
				response.oauth_token_secret.toString(),
				response.userid.toString(),
				response.methods.toString().split(","),
				new Date(parseInt(response.expiredate.toString()) * 1000));
		}
	}
}